mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-31 16:36:38 +00:00

Go to file

Eric Ernst e642e32ed5 kata-deploy: add support for deploying Kata on K8S

A Dockerfile is created and reference daemonsets are also
provided for deploying Kata Containers onto a running Kubernetes
cluster. A few daemonsets are introduced:

1) runtime-labeler: This daemonset will create a label on each node in
the cluster identifying the CRI shim in use. For example,
container-runtime=crio or container-runtime=containerd.

2) crio and containerd kata installer: Assuming either CRIO or
containerd is the CRI runtime on the node (determined based on label
from (1),, either the crio or containerd variant will execute.  These daemonsets
will install the VM artifacts and host binaries required for using
Kata Containers.  Once installed, it will add a node label kata-runtime=true
and reconfigure either crio or containerd to make use of Kata for untrusted workloads.
As a final step it will restart the CRI shim and kubelet.  Upon deletion,
the daemonset will remove the kata binaries and VM artifacts and update
the label to kata-runtime=cleanup.

3) crio and containerd cleanup: Either of these two daemonsets will run,
pending the container-runtime label value and if the node has label
kata-runtime=cleanup.  This daemonset simply restarts crio/containerd as
well as kubelet. This was not feasible in a preStepHook, hence the
seperate cleanup step.

An RBAC is created to allow the daemonsets to modify labels on the node.

To deploy kata:
kubectl apply -f kata-rbac.yaml
kubectl apply -f kata-deploy.yaml

To remove kata:
kubectl delete -f kata-deploy.yaml
kubectl apply -f kata-cleanup.yaml
kubectl delete -f kata-cleanup.yaml
kubectl delete -f kata-rbac.yaml

This initial commit is based on contributions by a few folks on
github.com/egernst/kata-deploy

Also-by: Saikrishna Edupuganti <saikrishna.edupuganti@intel.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Signed-off-by: Jon Olson <jonolson@google.com>
Signed-off-by: Ricardo Aravena <raravena@branch.io>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>

2018-07-10 18:52:05 +00:00

.ci

snap: add yaml to build snap image

2018-07-04 15:59:33 -05:00

ccloudvm

docs: Add ccloudvm README.

2018-05-23 11:02:43 -05:00

kata-deploy

kata-deploy: add support for deploying Kata on K8S

2018-07-10 18:52:05 +00:00

kernel

pkgs: move obs scripts to its own directory

2018-06-18 15:00:49 -05:00

obs-packaging

Makefile: fix test path.

2018-07-04 14:32:07 -05:00

release

release: tag: tag kernel build

2018-07-04 10:08:27 -05:00

scripts

scripts: Fix qemu build.

2018-07-04 14:30:41 -05:00

snap

snap: add yaml to build snap image

2018-07-04 15:59:33 -05:00

static-build/qemu

ci: Add test for static qemu

2018-06-20 09:35:24 -05:00

.gitignore

snap: add yaml to build snap image

2018-07-04 15:59:33 -05:00

.pullapprove.yml

CI: Add pullapprove config

2018-02-05 15:33:31 +00:00

CODE_OF_CONDUCT.md

docs: Add CoC and contributing doc

2018-02-05 15:33:30 +00:00

CONTRIBUTING.md

docs: Add CoC and contributing doc

2018-02-05 15:33:30 +00:00

LICENSE

Initial commit

2018-02-02 09:27:48 +00:00

Makefile

snap: add yaml to build snap image

2018-07-04 15:59:33 -05:00

README.md

kata-deploy: add support for deploying Kata on K8S

2018-07-10 18:52:05 +00:00

README.md

Kata Containers packaging

Kata Containers currently supports packages for many distributions. Tooling to aid in creating these packages are contained within this repository.

In addition, Kata build artifacts are available within a container image, created by a Dockerfile. Reference daemonsets are provided in kata-deploy, which make installation of Kata Containers in a running Kubernetes Cluster very straightforward.

Languages

Rust 58%

Go 24.6%

Shell 10.1%

RPC 5.3%

Makefile 1%

Other 0.9%